I am looking for an infosec position in the DC Metro area or South Florida.
My most recent position is Sr. Engineer in support of managed security
services. My greatest proficiency is with Checkpoint Firewall-1 and the
Nokia IP platform, to include reverse engineering their files for process
automation and value-add services. I am proficient in data mining of log
files and complex packet-level troubleshooting, and I can apply this to
Intrusion Detection platforms such as Snort. Besides serving as the lead
technical escalation for managed firewalls, I continually work with
management towards improving efficiency and level of service. Prior to this,
I worked in CACI's Information Assurance department, providing infosec
consulting, assessments and technical documents to commercial and government
clients.
Please see my resume below.
Sincerely,
Eric J. Bragger
[EMAIL PROTECTED]
____________________________________________________________________________
Eric John Bragger (CCSA/CCSE)
[EMAIL PROTECTED]
____________________________________________________________________________
167 Crossbow Ln. Phone: (301) 963-3525
Gaithersburg, MD 20878 Fax: (301) 924-9337
____________________________________________________________________________
OBJECTIVE
To support excellence in the field of information security by combining
broad technical ability and continuous research with initiative,
creativity, strong verbal/written communication skills and business
proficiency.
____________________________________________________________________________
POSITIONS HELD
Sr. Engineer III, IP Security
Engineer II, IP Security
Systems Security Analyst I
____________________________________________________________________________
INFORMATION TECHNOLOGY
- CHECKPOINT FIREWALL-1
---
ADMINISTRATION Provider-1 - Standalone - Field Firewalls
High Availability - Gateway Clusters
VPNs ISAKMP (IKE) - IPSEC - FWZ - SKIP - PPTP Tunneling
SECURECLIENT IKE - FWZ - UDP Encapsulation - IKE over TCP
IP Pooling - Single / Multiple Entry Points
NAT Internal-to-Internal (Dual Hide) - Multi-Interface
NAT of Inbound VPNs - NAT of Inbound SecureClient
AUTHENTICATION User, Client, Session - RADIUS - LDAP - S/Key - IKE
RESOURCES/PROXIES Kernel URL Logging - UFP - CVP - Connect Control
HTTP, SMTP, FTP Security Servers
CRASH FORENSICS "ELG" Analysis - Core Analysis
Daemon Stats - Module Debug
AUDITING Rulebase Security Audits - Log Audits
Integration - Performance Tuning
REVERSE ENGINEERING Rulebases (compiled/uncompiled) - Objects File
- NOKIA IP APPLIANCE / IPSO OPERATING SYSTEM
---
ADMINISTRATION Voyager Configuration
High-Availability (VRRP Monitored Circuits)
ADVANCED ADMIN. "iclid" - "ipsctl" - "ipsofwd"
Firewall Flows - Performance Tuning
CRASH FORENSICS Core Analysis - Module Memory Usage
Subsystem Health (CPU/Disk/Memory)
REVERSE ENGINEERING IPSO Database
- NETWORKING
---
GENERAL SKILLS Security Analysis - Segmentation - Architecture
Testing - Routing - Switching
TROUBLESHOOTING Packet Sniffing/Decode (tcpdump, snoop, Ethereal)
Session Analysis - Route Verification
PROTOCOLS IP - TCP - UDP - ICMP - ESP - IPX - GRE - NetBIOS
- INFORMATION SECURITY
---
GENERAL SKILLS Assessment - Penetration - Fortification
Network Mapping - Functional & Performance Testing
Technical Writing - War Dialing - OS Hardening
ENCRYPTION SSH - PKI (PGP) - RSA Keys - DES/3DES
ISAKMP - IPsec - FWZ - SKIP
- TICKETING SYSTEMS
---
DESIGN Interface - Logic - Field Elements - Metrics
Relational Database Structure
- SOFTWARE
---
FIREWALLS Checkpoint FW-1 v4.0-4.1 - Axent Raptor 5-6.0
Cisco PIX - NAI Gauntlet 4.2-5
SCRIPTING sh / bash (Bourne Shell) - Parsing
Regular Expressions - HTML
OPERATING SYSTEMS Nokia IPSO - Solaris - Linux - BSD - SunOS
Digital Unix - IBM AIX - XWindows environments
Windows NT/98/95/3.1 - OS/2 2.1-3.0 - DOS
SECURITY TOOLS ISS Internet Scanner 5-6.x - NAI CyberCop Scanner
Satan - Saint - Sara - Nessus - COPS
Snort - TripWire - ToneLOC - TCP Wrappers
PRODUCTIVITY Microsoft Office 95-2000:
Word - Excel - Outlook - Powerpoint - Frontpage
Microsoft Project - Webtrends - Visio 4.0-2000
Wordperfect 4.2-8.0 - Lotus 123
E-MAIL Outlook - Pine - Lotus Notes 4.x - Eudora Pro
GRAPHICS Adobe Photoshop 3.0-6.0 - Bryce - 3D Studio 3.0-Max
____________________________________________________________________________
WORK EXPERIENCE
2001-Present SR. ENGINEER III, IP SECURITY
Allegiance Telecom / Intermedia Business Internet
Security Management Center
- Serving as lead engineer for managed firewalls in the field.
On-call escalation point for 2nd and other 3rd tier engineers.
Principal coordinator of vendor support. Daily contact with
domestic and international customers, to include government
agencies.
- Created a script that inputs an IP address portion and displays
the objects and NATs that match it, in addition to the groups
those objects are in. Handles infinite nested groups.
- Designed the structure, interface and article templates for a
flexible, enterprise-class knowledgebase. Authored the majority
of its articles.
- Developed requirements for ticketing system migration from Cold
Fusion to Remedy. Revised and re-organized ticket categories in
support of data mining and metrics.
2000-2001 SR. ENGINEER III, IP SECURITY
Intermedia Business Internet
Security Management Center
- Served as 3rd-Tier engineer for managed firewalls in the field.
On-call escalation point for 2nd-Tier engineers. Daily contact
with domestic and international customers, to include government
agencies.
- Reverse-engineered significant portions of the Checkpoint rulebase
files, Checkpoint objects file and Nokia IPSO database. Applied
this knowledge to automated scripts and day-to-day operations.
- Designed a major overhaul to the structure and interface of a Cold
Fusion-based ticketing system in support of efficiency and
metrics. This included HTML prototypes of schemas and a complex
logical diagram created in Visio 2000.
- Authored official procedures for topics such as crash forensics
and troubleshooting.
- Informed Checkpoint of a deficiency with their workaround to the
RDP tunneling vulnerability and escalated within Checkpoint until
a proper patch was released.
- Maintained a list of documented and undocumented bugs in
Checkpoint
Firewall-1 and the Nokia IPSO operating system.
- Wrote a script to automatically diagnose discrepancies between
firewalls in a high-availability configuration and verify proper
settings.
1999-2000 ENGINEER II, IP SECURITY
Intermedia Business Internet / Digex
Security Management Center
- Served as 2nd-Tier engineer for managed firewalls in Digex server
farms and in the field. Escalation point for 1st-Tier engineers.
Daily contact with domestic and international customers, to
include government agencies.
- Principal contributor in executive-level meetings with the
Director of Product Management, the Manager of Security Products
Sales and the VP of Business Process Solutions.
- One of three employees selected to participate in a revision of
internal processes and job requirements. Designed changes to the
internal ticketing system in support of these revisions.
- Created a modular scripting system which logs into a list of
firewalls and runs commands. Each script module can contain
settings that offer highly customized execution.
- Created a script that automates incremental backups of files each
time they are modified.
- Maintained monthly firewall licenses on approximately 300
firewalls. Negotiated with Checkpoint for a less-restrictive,
6-month license.
1998-1999 SYSTEMS SECURITY ANALYST I
CACI Inc.
Information Assurance Dept.
- Created the department's benchmark technical proposal for security
assessment contracts.
- Responsible for project timeline creation, client interaction,
strategic planning, technical analysis and documentation for a
long-term Navy network reconfiguration.
- Conducted a comprehensive assessment of the features and technical
aspects of thirteen major Intrusion Detection Systems.
- Composed a document combining load analysis, network simulation
and firewall implementation procedures for a Navy client. This
document received commendation from the client.
- Responsible for the installation, configuration and accreditation
of a mission-critical firewall.
- Created comprehensive configuration documents for conversion from
a Checkpoint firewall to a proxy-based Raptor firewall, to include
hardening the Solaris operating system.
- Technical lead for a quarterly County network assessment that
included external/internal vulnerability analyses, analog phone
scanning, threat monitoring and custom reporting.
- Evaluated the security and utility of a distributed networking
infrastructure for a mission-critical, international deployment
of satellite communications.
- Performed a comprehensive sector analysis of a foreign
government's technology incubator program.
____________________________________________________________________________
CERTIFICATIONS / TRAINING
2001 Checkpoint Certified Security Administrator (CCSA)
Checkpoint Certified Security Expert (CCSE)
2000 Nokia IP Security and High-Availability Training
Checkpoint CP2000 Training
Axent NetProwler IDS Training
1999 ISS Certified for Internet Scanner and SafeSuite Products
CACI Inc. Certified in Project Management
____________________________________________________________________________
EDUCATION
1994-1998 University of Florida Gainesville, FL
BBA in Management, Warrington College of Business Administration
